{"generated_at":"2026-05-07T19:12:00.019Z","period":{"from":"2026-04-07","to":"2026-05-07"},"framework":"iso27001","evidence":{"access_control_events":0,"config_change_events":0,"controls_mapped":[{"ref":"A.9.1.1","description":"Access control policy","evidence":"proc_user_roles + proc_approver_cost_centers","status":"IMPLEMENTED"},{"ref":"A.9.4.1","description":"Information access restriction","evidence":"RLS policies per user role, service_role bypass only for agents","status":"IMPLEMENTED"},{"ref":"A.12.1.2","description":"Change management","evidence":"supabase/migrations — all schema changes version-controlled","status":"IMPLEMENTED"},{"ref":"A.12.4.1","description":"Event logging","evidence":"proc_agent_runs, tsm_state_transitions, tsm_ledger_events","status":"IMPLEMENTED"},{"ref":"A.14.2.2","description":"System change control procedures","evidence":"Agent kill switch + operator approval for config changes","status":"IMPLEMENTED"},{"ref":"A.16.1.2","description":"Reporting information security events","evidence":"proc_agent_health_check() + AGENT_HEALTH_ALERT events","status":"IMPLEMENTED"}],"recent_access_events":[]}}